Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138372e302f32342d3234203d3e20383334.roa
File:                     352e3232362e3138372e302f32342d3234203d3e20383334.roa (raw, json)
Hash identifier:          ba9NIwQrx2mkmwqgkiA1GZhbB5JUUiDfDg8aVpODn68=
Subject key identifier:   7F:EE:F2:8D:E7:07:C7:AA:14:D9:B6:A9:47:FF:45:21:1B:6A:EE:F8
Certificate issuer:       /CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
Certificate serial:       2786AD601CB4409D8F55E1588952C68CB453FCF1
Authority key identifier: F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138372e302f32342d3234203d3e20383334.roa
Signing time:             Sat 25 Jan 2025 13:44:03 +0000
ROA not before:           Sat 25 Jan 2025 13:39:03 +0000
ROA not after:            Sat 24 Jan 2026 13:44:03 +0000
asID:                     834
IP address blocks:        5.226.187.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:86:ad:60:1c:b4:40:9d:8f:55:e1:58:89:52:c6:8c:b4:53:fc:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f768ff6e681858c0ec19f3a93fa1792cd16ceed3
        Validity
            Not Before: Jan 25 13:39:03 2025 GMT
            Not After : Jan 24 13:44:03 2026 GMT
        Subject: CN=7FEEF28DE707C7AA14D9B6A947FF45211B6AEEF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:07:03:2b:18:9c:19:b5:2a:fc:2f:ff:94:6f:
                    74:f0:6d:ee:95:8c:37:2d:f4:fb:92:bf:9a:98:86:
                    96:63:fb:94:f3:8d:57:a3:0e:fa:fd:76:fe:b1:e0:
                    b5:e3:b9:9f:d4:c9:ed:8a:af:2f:5b:90:43:e7:2e:
                    b0:a2:3f:f7:4a:11:a1:fc:f3:0e:34:64:8f:53:cd:
                    f9:ab:8c:b8:67:50:8c:4a:be:de:4e:63:e4:68:7e:
                    b3:04:e2:ea:be:9d:a7:21:7e:42:77:b8:c0:d9:32:
                    4f:c4:2e:b8:46:7c:59:b6:6f:a2:28:a0:c7:02:a7:
                    6d:e9:d3:cd:1e:6d:09:14:b9:e9:36:94:02:2a:33:
                    68:14:53:27:d6:64:29:00:61:71:aa:44:30:8e:fb:
                    a0:83:ae:30:91:ce:22:89:f3:a5:13:e9:cb:84:c3:
                    c2:54:74:31:21:1f:07:52:4d:8b:7f:b8:b5:9d:17:
                    7c:05:76:1d:74:67:b6:04:f4:a9:93:d5:9f:f1:eb:
                    3c:c1:61:4c:72:c9:d9:2a:03:4c:a5:c7:b1:cb:81:
                    de:d3:b6:25:cf:12:51:01:76:6a:d1:75:a3:ee:5a:
                    8e:ed:d6:49:f5:c9:55:c7:cd:1e:56:45:a9:af:56:
                    32:8e:9b:d9:79:49:b5:c4:f3:ae:20:b8:79:99:cd:
                    06:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:EE:F2:8D:E7:07:C7:AA:14:D9:B6:A9:47:FF:45:21:1B:6A:EE:F8
            X509v3 Authority Key Identifier:
                keyid:F7:68:FF:6E:68:18:58:C0:EC:19:F3:A9:3F:A1:79:2C:D1:6C:EE:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/F768FF6E681858C0EC19F3A93FA1792CD16CEED3.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/92j_bmgYWMDsGfOpP6F5LNFs7tM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/0cc08737-9267-402a-99d4-7aaafea444ed/0/352e3232362e3138372e302f32342d3234203d3e20383334.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.226.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:d8:dd:6c:ab:2f:c6:e0:7a:4f:40:df:8b:b4:89:13:0c:ab:
         e0:57:b6:15:d3:f8:82:16:aa:ac:91:54:8a:ab:fb:f9:41:d3:
         67:d2:39:3b:df:b5:5f:94:73:48:49:1d:34:3d:ff:2e:a9:a5:
         96:66:1d:a5:06:d7:30:87:07:17:24:fc:0f:1f:ce:7d:f0:7c:
         c6:40:33:05:77:ae:a0:72:e0:62:91:38:e6:2a:2c:3a:5a:e4:
         a6:86:33:60:0a:ce:b7:d4:c8:5a:00:3a:ed:ee:b3:5b:dd:de:
         b9:82:73:bf:eb:24:84:36:9d:5b:b8:9f:f6:08:f6:50:32:93:
         80:82:9b:e6:ba:a8:69:48:e7:a4:d7:38:d0:b4:8f:e7:11:48:
         5f:23:20:0e:e6:dc:f9:29:b8:8f:95:c3:94:cb:8e:9d:64:66:
         f7:a5:92:c5:73:9d:33:7b:7e:e9:01:b3:20:2b:c5:85:d9:ce:
         96:0b:3b:29:f9:5e:9e:4c:18:b3:a7:5b:cc:6c:f8:2b:cc:53:
         af:b1:cb:e1:cd:8b:3b:4c:92:92:a2:09:d8:c7:d1:38:e7:f3:
         a7:5a:a9:42:48:f7:db:ac:53:f8:bf:88:f1:41:74:f7:9a:05:
         8d:e9:6f:29:79:eb:a9:a0:53:ea:dd:58:9a:c5:13:88:fe:c6:
         50:60:b8:db
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIUJ4atYBy0QJ2PVeFYiVLGjLRT/PEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoZjc2OGZmNmU2ODE4NThjMGVjMTlmM2E5M2ZhMTc5MmNk
MTZjZWVkMzAeFw0yNTAxMjUxMzM5MDNaFw0yNjAxMjQxMzQ0MDNaMDMxMTAvBgNV
BAMTKDdGRUVGMjhERTcwN0M3QUExNEQ5QjZBOTQ3RkY0NTIxMUI2QUVFRjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDBwMrGJwZtSr8L/+Ub3Twbe6V
jDct9PuSv5qYhpZj+5TzjVejDvr9dv6x4LXjuZ/Uye2Kry9bkEPnLrCiP/dKEaH8
8w40ZI9TzfmrjLhnUIxKvt5OY+RofrME4uq+nachfkJ3uMDZMk/ELrhGfFm2b6Io
oMcCp23p080ebQkUuek2lAIqM2gUUyfWZCkAYXGqRDCO+6CDrjCRziKJ86UT6cuE
w8JUdDEhHwdSTYt/uLWdF3wFdh10Z7YE9KmT1Z/x6zzBYUxyydkqA0ylx7HLgd7T
tiXPElEBdmrRdaPuWo7t1kn1yVXHzR5WRamvVjKOm9l5SbXE864guHmZzQbFAgMB
AAGjggI3MIICMzAdBgNVHQ4EFgQUf+7yjecHx6oU2bapR/9FIRtq7vgwHwYDVR0j
BBgwFoAU92j/bmgYWMDsGfOpP6F5LNFs7tMwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvMGNjMDg3MzctOTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0
NGVkLzAvRjc2OEZGNkU2ODE4NThDMEVDMTlGM0E5M0ZBMTc5MkNEMTZDRUVEMy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxULzkyal9ibWdZV01Ec0dmT3BQNkY1TE5G
czd0TS5jZXIwgacGCCsGAQUFBwELBIGaMIGXMIGUBggrBgEFBQcwC4aBh3JzeW5j
Oi8vcnN5bmMucGFhcy5ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvMGNjMDg3Mzct
OTI2Ny00MDJhLTk5ZDQtN2FhYWZlYTQ0NGVkLzAvMzUyZTMyMzIzNjJlMzEzODM3
MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzgzMzM0LnJvYTAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABeK7MA0G
CSqGSIb3DQEBCwUAA4IBAQB42N1sqy/G4HpPQN+LtIkTDKvgV7YV0/iCFqqskVSK
q/v5QdNn0jk737VflHNISR00Pf8uqaWWZh2lBtcwhwcXJPwPH8598HzGQDMFd66g
cuBikTjmKiw6WuSmhjNgCs631MhaADrt7rNb3d65gnO/6ySENp1buJ/2CPZQMpOA
gpvmuqhpSOek1zjQtI/nEUhfIyAO5tz5KbiPlcOUy46dZGb3pZLFc50ze37pAbMg
K8WF2c6WCzsp+V6eTBizp1vMbPgrzFOvscvhzYs7TJKSognYx9E45/OnWqlCSPfb
rFP4v4jxQXT3mgWN6W8peeupoFPq3ViaxROI/sZQYLjb
-----END CERTIFICATE-----